WORDPRESS
OFFSEC - Proving Grounds - SHIFTDEL
·3543 words·17 mins
OFFSEC PG PRACTICE
WORDPRESS
PHPMYADMIN
Access via provided credentials or exploit WordPress 4.9.6 (CVE-2019-17671) for a password. Delete .htaccess, and get credentials, use phpMyAdmin RCE (CVE-2018-12613) for initial access and exploit command misconfiguration to get root.
OFFSEC - Proving Grounds - NUKEM
·2010 words·10 mins
OFFSEC PG PRACTICE
WORDPRESS
DOSBOX
Access target via SSH or exploit WordPress with wpscan using simple-file-list vuln. Get http user, find commander creds in wp-config.php, use SUID dosbox for root.